package cn.net.autocode.platform.security.service;

import cn.net.autocode.core.utils.PasswordUtils;
import cn.net.autocode.core.utils.UserThreadLocalUtils;
import cn.net.autocode.dbManager.Dao;
import com.alibaba.fastjson2.JSONObject;
import org.springframework.stereotype.Service;

@Service("platformSecurityServ")
public class SecurityServ {

    private final Dao dao;

    public SecurityServ(Dao dao) {
        this.dao = dao;
    }

    public boolean checkPassword(String password){
        String hashed = dao.queryValue("select passwrd from sys_users where username=?",String.class,UserThreadLocalUtils.getUserName());
        boolean result = PasswordUtils.checkpw(password,hashed);
        if(!result){
            //记录错误日志信息，防治密码暴力破解
        }
        return result;
    }

    public String checkPasswordValidate(String password){
        JSONObject rules = dao.queryJSON("select * from autocode_pwpolicy");
        JSONObject rs =  PasswordUtils.validate(rules,password);
        if(rs.getIntValue("code")==1){
            return "success";
        }else{
            return rs.getString("msg");
        }
    }
}
